diff options
| author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-15 15:35:00 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-15 15:35:00 +0300 |
| commit | fccc9454ff415a707081f48ec3a50cae4a8b1b4a (patch) | |
| tree | f60ef27541d6766811af08e26bef30f5125fe220 /CHANGELOG | |
| parent | b75866120b2391d0f2f01d03601a19baa9fa9b4e (diff) | |
| parent | 28f9c98641907089b7088a67195c5bb447c647d2 (diff) | |
Merge branch 'search-information-leak' into 'master'
Don't leak existence of group or project via search.
Fixes gitlab/gitlab-ee#266.
See merge request !1762
Diffstat (limited to 'CHANGELOG')
| -rw-r--r-- | CHANGELOG | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index a207a59db63..15ced7a3bcb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,8 @@ v 7.10.0 (unreleased) - Fix project import URL regex to prevent arbitary local repos from being imported. - Fix directory traversal vulnerability around uploads routes. - Fix directory traversal vulnerability around help pages. + - Don't leak existence of project via search autocomplete. + - Don't leak existence of group or project via search. - Fix bug where Wiki pages that included a '/' were no longer accessible (Stan Hu) - Fix bug where error messages from Dropzone would not be displayed on the issues page (Stan Hu) - Add ability to configure Reply-To address in gitlab.yml (Stan Hu) |